如何使用Apache Sentry Java Client API?是否有用户指南文档?

时间:2019-04-17 04:23:58

标签: java apache-sentry

我正在尝试使用其Java Client API在CDH群集中操作Sentry。由于我尚未找到与此有关的任何文档(official site上几乎没有有用的信息),因此我只是猜测并撰写。现在出现了一些异常,我无法解决。因此,我想知道是否有关于如何使用Sentry的Java API的文档。

以下是我编写的代码:

package com.playground;

import org.apache.hadoop.conf.Configuration;
import org.apache.sentry.api.service.thrift.SentryPolicyServiceClient;
import org.apache.sentry.api.service.thrift.TSentryRole;
import org.apache.sentry.service.thrift.SentryServiceClientFactory;

import java.util.Set;

public class SentryClientTest {
    public static void main(String[] args) {
        Configuration conf = new Configuration();
        conf.addResource("sentry-site.xml");
        try {
            SentryPolicyServiceClient client = SentryServiceClientFactory.create(conf);
            Set<TSentryRole> roles= client.listAllRoles("myname");
            for (TSentryRole role : roles) {
                System.out.println(role);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }

    }
}

sentry-site.xml是从/etc/sentry/sentry-site.xml复制而来,其内容如下:

<?xml version="1.0" encoding="UTF-8"?>

<!--Autogenerated by Cloudera Manager-->
<configuration>
  <property>
    <name>sentry.service.server.principal</name>
    <value>sentry/_HOST@SOME_REALM</value>
  </property>
  <property>
    <name>sentry.service.security.mode</name>
    <value>kerberos</value>
  </property>
  <property>
    <name>sentry.service.client.server.rpc-address</name>
    <value>some-hostname</value>
  </property>
  <property>
    <name>sentry.service.client.server.rpc-port</name>
    <value>8038</value>
  </property>
  <property>
    <name>sentry.service.client.server.rpc-addresses</name>
    <value>hostname1:8038,hostname2:8038</value>
  </property>
</configuration>

异常消息:

org.apache.sentry.core.common.exception.SentryUserException: GSS initiate failed
    at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.connect(RetryClientInvocationHandler.java:166)
    at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.invokeImpl(RetryClientInvocationHandler.java:90)
    at org.apache.sentry.core.common.transport.SentryClientInvocationHandler.invoke(SentryClientInvocationHandler.java:41)
    at com.sun.proxy.$Proxy2.listAllRoles(Unknown Source)
    at com.playground.SentryClientTest.main(SentryClientTest.java:17)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
    at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:232)
    at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:316)
    at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
    at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport.baseOpen(SentryTransportFactory.java:183)
    at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport.access$100(SentryTransportFactory.java:141)
    at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport$1.run(SentryTransportFactory.java:168)
    at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport$1.run(SentryTransportFactory.java:166)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:422)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1754)
    at org.apache.sentry.core.common.transport.SentryTransportFactory$UgiSaslClientTransport.open(SentryTransportFactory.java:166)
    at org.apache.sentry.core.common.transport.SentryTransportFactory.connectToServer(SentryTransportFactory.java:99)
    at org.apache.sentry.core.common.transport.SentryTransportFactory.getTransport(SentryTransportFactory.java:86)
    at org.apache.sentry.core.common.transport.SentryTransportPool$PoolFactory.create(SentryTransportPool.java:302)
    at org.apache.sentry.core.common.transport.SentryTransportPool$PoolFactory.create(SentryTransportPool.java:271)
    at org.apache.commons.pool2.BaseKeyedPooledObjectFactory.makeObject(BaseKeyedPooledObjectFactory.java:62)
    at org.apache.commons.pool2.impl.GenericKeyedObjectPool.create(GenericKeyedObjectPool.java:1041)
    at org.apache.commons.pool2.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:380)
    at org.apache.commons.pool2.impl.GenericKeyedObjectPool.borrowObject(GenericKeyedObjectPool.java:279)
    at org.apache.sentry.core.common.transport.SentryTransportPool.getTransport(SentryTransportPool.java:183)
    at org.apache.sentry.api.service.thrift.SentryPolicyServiceClientDefaultImpl.connect(SentryPolicyServiceClientDefaultImpl.java:100)
    at org.apache.sentry.core.common.transport.RetryClientInvocationHandler.connect(RetryClientInvocationHandler.java:141)
    ... 4 more

我想这与Kerberos有关,但我无法弄清楚。任何帮助表示赞赏。

0 个答案:

没有答案
相关问题
最新问题